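Between October 2016 and November 2016, the Red Hat CVE database published 7 security vulnerabilities rated "Important" or "Critical", and a corresponding Bugzilla entry was published for each of them. This security bulletin is updated once a month and is intended to identify and resolve serious vulnerabilities.
New security vulnerabilities in November 2016
All of the security vulnerabilities are listed below for your reference.
CVE name | Severity | Affected components | Published |
---|---|---|---|
CVE-2016-7054 | Important | openssl, openssl098e, openssl097a | 2016/11/10 |
CVE-2016-8864 | Important | bind, bind97 | 2016/11/1 |
CVE-2016-8705 | Important | memcached | 2016/10/31 |
CVE-2016-8704 | Important | memcached | 2016/10/31 |
CVE-2016-5875 | Important | libtiff, compat-libtiff3 | 2016/10/25 |
CVE-2016-2848 | Important | bind, bind97 | 2016/10/20 |
CVE-2016-5195 | Important | kernel | 2016/10/19 |
Detailed information on all of these newly published security vulnerabilities can be found on the following page: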
https://access.redhat.com/security/cve/
Note: you must log in with your Red Hat account to view the full details of all security vulnerabilities.
Security vulnerability details
Bulletin ID CVE-2016-7054 | |
---|---|
Title | CVE-2016-7054 |
Description | The MITRE CVE dictionary describes this issue as: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Find out more about CVE-2016-7054 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 5 (openssl); Red Hat Enterprise Linux 6 (openssl); Red Hat Enterprise Linux 7 (openssl) |
Bugzilla | 1393920: CVE-2016-7054 openssl: Corrupting larger payloads when using ChaCha20/Poly1305 ciphersuites leads to DoS. |
Details | https://access.redhat.com/security/cve/cve-2016-7054 |
Bulletin ID CVE-2016-8864 | |
Title | CVE-2016-8864 |
Description | A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. Find out more about CVE-2016-8864 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 7 (bind); Red Hat Enterprise Linux 5 (bind); Red Hat Enterprise Linux 5 (bind97); Red Hat Enterprise Linux 6 (bind) |
Bugzilla | 1389652: CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer |
Details | https://access.redhat.com/security/cve/cve-2016-8864 |
Bulletin ID CVE-2016-8705 | |
Title | CVE-2016-8705 |
Description | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. Find out more about CVE-2016-8705 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 7 (memcached); Red Hat Enterprise Linux 6 (memcached) |
Bugzilla | 1390511: CVE-2016-8705 memcached: Server update remote code execution |
Details | https://access.redhat.com/security/cve/cve-2016-8705 |
Bulletin ID CVE-2016-8704 | |
Title | CVE-2016-8704 |
Description | An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. Find out more about CVE-2016-8704 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 7 (memcached); Red Hat Enterprise Linux 6 (memcached) |
Bugzilla | 1390510: CVE-2016-8704 memcached: Server append/prepend remote code execution |
Details | https://access.redhat.com/security/cve/cve-2016-8704 |
Bulletin ID CVE-2016-5875 | |
Title | CVE-2016-5875 |
Description | The MITRE CVE dictionary describes this issue as: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Find out more about CVE-2016-5875 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 7 (compat-libtiff3); Red Hat Enterprise Linux 7 (libtiff); Red Hat Enterprise Linux 6 (libtiff); Red Hat Enterprise Linux 5 (libtiff) |
Bugzilla | 1389228: CVE-2016-5875 libtiff: PixarLogDecode Heap Buffer Overflow |
Details | https://access.redhat.com/security/cve/cve-2016-5875 |
Bulletin ID CVE-2016-2848 | |
Title | CVE-2016-2848 |
Description | A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. Find out more about CVE-2016-2848 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 7 (bind) |
Bugzilla | 1385450: CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options |
Details | https://access.redhat.com/security/cve/cve-2016-2848 |
Bulletin ID CVE-2016-5195 | |
Title | CVE-2016-5195 |
Description | A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Find out more about CVE-2016-5195 from the MITRE CVE dictionary and NIST NVD. |
Maximum severity | Important |
Affected products | Red Hat Enterprise Linux 7 (kernel); Red Hat Enterprise Linux 6 (kernel); Red Hat Enterprise Linux 5 (kernel) |
Bugzilla | 1384344: CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage |
Details | https://access.redhat.com/security/cve/cve-2016-5195 |
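Notes and disclaimer
Consistency of information:
If the content of a security advisory on the Red Hat CVE database website differs from the content of this document, the advisory on the website takes precedence.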